aif-reference

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from untrusted sources without sufficient isolation.
    - Ingestion points: Untrusted data is ingested via WebFetch (external URLs), Read (local files), and the .ai-factory/skill-context/aif-reference/SKILL.md file, which provides project-specific instruction overrides.
    - Boundary markers: Absent. The instructions do not define delimiters or markers to separate untrusted content from the agent's logic during the synthesis phase.
    - Capability inventory: The skill possesses Write and Edit capabilities to save files, and restricted shell access for directory management (mkdir, ls, wc).
    - Sanitization: Absent. No explicit validation or sanitization of retrieved content is required before processing.
  • [EXTERNAL_DOWNLOADS]: The skill uses WebFetch and WebSearch to retrieve content from arbitrary URLs to build knowledge references.
  • [COMMAND_EXECUTION]: The skill executes filesystem commands (mkdir, ls, and wc) to manage the reference storage directory and its index.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 01:50 PM